Given their access to considerable financial resources, banks are often the target of cyberattacks. - 123RF Stock Photo

Scott Jones asking lenders to work with the organization to make the country an unappealing target for digital attackers

The leader of the federal government’s new cybersecurity agency made a pitch Thursday to some of the “big fish” for hackers — bankers — asking lenders to work with the organization to make the country an unappealing target for digital attackers.

“If the first call is that something bad is happening, it’s not going to go well,” Scott Jones, head of the Canadian Centre for Cyber Security, told a summit in Toronto hosted by the Canadian Bankers Association (CBA).

The cybersecurity centre launched only about six months ago as part of Canada’s electronic spy agency, the Communications Security Establishment.

In addition to helping defend the federal systems, the organization also aims to provide information and to share its knowledge with Canadian individuals and businesses, acting as a sort of one-stop shop for government security experts and advice.

Given their access to considerable financial resources, banks are often the target of cyberattacks.

In December, the centre released its first national cyber-threat assessment, which described (among other things) an attack method called “whaling.”

The tactic involves sending a message to a senior executive, or somebody else with the authority to move big sums of money around, that looks like it came from within the company and asks them to send funds to an account controlled by the attacker, potentially causing big financial losses and damage to reputations.

“Congratulations, you’re the big fish,” Jones told the bankers.

As a result of all this attention, the banks are also deploying considerable resources into warding off any attempts, with Jones praising their defensive efforts.

“We obviously care deeply about this issue given its impact and that we are a whale, as you described,” Neil Parmenter, president and CEO of the CBA, said during a question-and-answer session with Jones.

Jones also delivered a message of cooperation to the bankers, saying that they are seeking security through collaboration, meaning they need to find ways to talk and share information.

“We need to get to the point where we trust each other enough to say ‘I think there’s something strange going on,’ and it’s going through cybersecurity professionals, not lawyers,” Jones said.

The cybersecurity head noted that the centre is not a regulator, a law-enforcement agency or a newsroom, so it could not compel companies to cooperate and would not out those who did.

"We need to get to the point where we trust each other enough to say 'I think there’s something strange going on'" - Scott Jones

“We do not share the names or issues of companies that work with us or report cyber-incidents to us,” Jones said. “Any technical advice or guidance that we learn from any source that we have permission to share, we will attribute in a way that protects the anonymity of the people who talk to us.”

The CBA summit at which Jones spoke was the 16th edition of the event and included an area for vendors, such as Cylance, a California-based artificial intelligence and cybersecurity company recently acquired by BlackBerry Ltd.

Banks and other companies have had to make awkward cyber-related disclosures before, such as Bank of Montreal and Canadian Imperial Bank of Commerce’s Simplii Financial reporting last year that they were targeted by would-be “fraudsters” claiming that customer information may have been accessed.

According to the CBA, Canadian banks are “strongly supportive” of a joint public and private sector approach to cybersecurity in Canada. The industry group also said the banks already work with regulators, law enforcement and all levels of government to share best practices and information.

“Cybersecurity and resiliency are collaborative priorities for all banks in Canada, the financial sector more broadly and, indeed, society as a whole,” Parmenter said in a release.